KLA10900
Multiple vulnerabilities in Microsoft Edge and Microsoft Internet Explorer
Обновлено: 17/06/2019
Дата обнаружения
08/11/2016
Уровень угрозы
Critical
Описание

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Microsoft Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface or obtain sensitive information.

Below is a complete list of vulnerabilities

  1. An improper memory objects handling can be exploited remotely via a specially designed content to execute arbitrary code or obtain sensitive information;
  2. An improper RegEx handling at XSS filter can be exploited by logged in attacker via a specially designed application to obtain sensitive information;
  3. An improper memory objects handling at scripting engines can be exploited remotely via a specially designed content to execute arbitrary code;
  4. An improper HTTP content parse can be exploited remotely via a specially designed content to spoof user interface.
Пораженные продукты

Microsoft Edge
Microsoft Internet Explorer versions 9 through 11

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
MS16-129
CVE-2016-7239
CVE-2016-7209
CVE-2016-7227
CVE-2016-7208
CVE-2016-7195
CVE-2016-7196
CVE-2016-7198
CVE-2016-7199
CVE-2016-7200
CVE-2016-7201
CVE-2016-7202
CVE-2016-7203
CVE-2016-7204
CVE-2016-7243
CVE-2016-7242
CVE-2016-7241
CVE-2016-7240
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]

DoS 
[?]

SB 
[?]

PE 
[?]

SUI 
[?]
Связанные продукты
Microsoft Internet Explorer
Microsoft Edge
CVE-IDS
CVE-2016-72392.6Warning
CVE-2016-72092.6Warning
CVE-2016-72272.6Warning
CVE-2016-72087.6Critical
CVE-2016-71957.6Critical
CVE-2016-71967.6Critical
CVE-2016-71987.6Critical
CVE-2016-71992.6Warning
CVE-2016-72007.6Critical
CVE-2016-72017.6Critical
CVE-2016-72027.6Critical
CVE-2016-72037.6Critical
CVE-2016-72042.6Warning
CVE-2016-72437.6Critical
CVE-2016-72427.6Critical
CVE-2016-72417.6Critical
CVE-2016-72407.6Critical
Microsoft official advisories
Microsoft Security Update Guide
KB list

3200970
3197867
3197868
3197873
3197874
3197876
3197877
3198585
3198586
3197655
3205386
3205383
3203621
3205401
3205400
3205408
3205409
3207752
3205394
3206632